5 Comments

BJ

It appears that the "log2timeline-sift" command no longer works in v3.0, so the cheatsheet provided on the desktop cannot be followed any longer. As a Linux novice it would be great if you guys could provide a blog post with the new commands.

Drexx Laggui

Tony, I found the answer. This is the correct syntax:

wget --quiet -O - https://raw.github.com/sans-dfir/sift-bootstrap/master/bootstrap.sh | sudo bash -s -- -i -s -y

From https://github.com/sans-dfir/sift-bootstrap says: "You must use bash not sh to run this script"
